Merge pull request caktus#92 from caktus/eks-with-nodegroup

EKS with nodegroup

Author: dpoirier

CHANGELOG.rst

@@ -19,10 +19,12 @@ Change Log
 
 What's new in 2.0.0:
 
+* Add support for Elastic Kubernetes Service (EKS).
 * Re-purpose use_aes256_encryption flag to support encryption across S3, RDS, Elasticache (Redis only), and RDS (thanks @dsummersl)
 * Add support for Customer Managed CMKs with ``CustomerManagedCmkArn`` parameter (not applied to public buckets)
 * Add configurable ContainerVolumeSize to change root volume size of EC2 instances (thanks @dsummersl)
 * Change generated template output from JSON to YAML (thanks @cchurch)
+* The stack no longer prompts for a ``SECRET_KEY`` if it won't be used for the stack type in question.
 * Add required DBParameterGroup by default, which allows configuring database specific parameters. This avoids having to reboot a production database instance to add a DBParameterGroup in the future. (thanks @cchurch)
 * Add tags to all resources, including a common ``aws-web-stacks:stack-name`` tag with the stack's name
 * Add a ``aws-web-stacks:role`` tag to EC2 instances to identify as bastion vs. worker.

Makefile

@@ -12,6 +12,8 @@ templates:
 	USE_EB=on USE_NAT_GATEWAY=on python -c 'import stack' > content/eb-nat.yaml
 	USE_ECS=on python -c 'import stack' > content/ecs-no-nat.yaml
 	USE_ECS=on USE_NAT_GATEWAY=on python -c 'import stack' > content/ecs-nat.yaml
+	USE_EKS=on python -c 'import stack' > content/eks-no-nat.yaml
+	USE_EKS=on USE_NAT_GATEWAY=on python -c 'import stack' > content/eks-nat.yaml
 	USE_DOKKU=on python -c 'import stack' > content/dokku-no-nat.yaml
 	# USE_DOKKU=on USE_NAT_GATEWAY=on python -c 'import stack' > content/dokku-nat.yaml (disabled; need to SSH to instance to deploy)
 	USE_GOVCLOUD=on python -c 'import stack' > content/gc-no-nat.yaml

README.rst

@@ -5,8 +5,8 @@ AWS Web Stacks
     :target: https://circleci.com/gh/caktus/aws-web-stacks
 
 AWS Web Stacks is a library of CloudFormation templates that dramatically simplify hosting web applications
-on AWS. The library supports using Elastic Container Service (ECS), Elastic Beanstalk (EB), EC2 instances
-(via an AMI you specify), or `Dokku <http://dokku.viewdocs.io/dokku/>`_ for the application server(s) and
+on AWS. The library supports using Elastic Beanstalk, ECS, EKS, EC2 instances (via an AMI you specify),
+or `Dokku <http://dokku.viewdocs.io/dokku/>`_ for the application server(s) and
 provides auxilary managed services such as an RDS instance, ElastiCache instance, Elasticsearch instance
 (free) SSL certificate via AWS Certificate Manager, S3 bucket for static assets, ECS repository for hosting
 Docker images, etc. All resources (that support VPCs) are created in a self-contained VPC, which may use a
@@ -19,27 +19,27 @@ which allows for some validation at build time and simplifies the management of
 templates.
 
 If a NAT gateway is not used, it's possible to create a fully-managed, self-contained hosting
-environment for your application entirely within the free tier on AWS. To try it out, select
-one of the following:
+environment for your application entirely within the free tier on AWS (albeit not with all stacks,
+for example, there is no free tier for EKS). To try it out, select one of the following:
 
-+---------------------+-------------------+---------------------------+---------------+-----------------+
-|                     | Elastic Beanstalk | Elastic Container Service | EC2 Instances | Dokku           |
-+=====================+===================+===========================+===============+=================+
-| Without NAT Gateway | |EB-No-NAT|_      | |ECS-No-NAT|_             | |EC2-No-NAT|_ | |Dokku-No-NAT|_ |
-+---------------------+-------------------+---------------------------+---------------+-----------------+
-| With NAT Gateway    | |EB-NAT|_         | |ECS-NAT|_                | |EC2-NAT|_    | n/a             |
-+---------------------+-------------------+---------------------------+---------------+-----------------+
++---------------------+-------------------+---------------+---------------+---------------+-----------------+
+|                     | Elastic Beanstalk | ECS           | EKS           | EC2 Instances | Dokku           |
++=====================+===================+===============+===============+===============+=================+
+| Without NAT Gateway | |EB-No-NAT|_      | |ECS-No-NAT|_ | |EKS-No-NAT|_ | |EC2-No-NAT|_ | |Dokku-No-NAT|_ |
++---------------------+-------------------+---------------+---------------+---------------+-----------------+
+| With NAT Gateway    | |EB-NAT|_         | |ECS-NAT|_    | |EKS-NAT|_    | |EC2-NAT|_    | n/a             |
++---------------------+-------------------+---------------+---------------+---------------+-----------------+
 
 If you'd like to review the CloudFormation template first, or update an existing stack, you may also
 wish to use the YAML template directly:
 
-+---------------------+-------------------+---------------------------+--------------------+----------------------+
-|                     | Elastic Beanstalk | Elastic Container Service | EC2 Instances      | Dokku                |
-+=====================+===================+===========================+====================+======================+
-| Without NAT Gateway | `eb-no-nat.yaml`_ | `ecs-no-nat.yaml`_        | `ec2-no-nat.yaml`_ | `dokku-no-nat.yaml`_ |
-+---------------------+-------------------+---------------------------+--------------------+----------------------+
-| With NAT Gateway    | `eb-nat.yaml`_    | `ecs-nat.yaml`_           | `ec2-nat.yaml`_    | n/a                  |
-+---------------------+-------------------+---------------------------+--------------------+----------------------+
++---------------------+-------------------+--------------------+--------------------+--------------------+----------------------+
+|                     | Elastic Beanstalk | ECS                | EKS                | EC2 Instances      | Dokku                |
++=====================+===================+====================+====================+====================+======================+
+| Without NAT Gateway | `eb-no-nat.yaml`_ | `ecs-no-nat.yaml`_ | `eks-no-nat.yaml`_ | `ec2-no-nat.yaml`_ | `dokku-no-nat.yaml`_ |
++---------------------+-------------------+--------------------+--------------------+--------------------+----------------------+
+| With NAT Gateway    | `eb-nat.yaml`_    | `ecs-nat.yaml`_    | `eks-nat.yaml`_    | `ec2-nat.yaml`_    | n/a                  |
++---------------------+-------------------+--------------------+--------------------+--------------------+----------------------+
 
 .. |EB-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png
 .. _EB-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=eb-app-no-nat&templateURL=https://s3.amazonaws.com/aws-web-stacks/eb-no-nat.yaml
@@ -57,6 +57,14 @@ wish to use the YAML template directly:
 .. _ECS-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=ecs-app-with-nat&templateURL=https://s3.amazonaws.com/aws-web-stacks/ecs-nat.yaml
 .. _ecs-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/ecs-nat.yaml
 
+.. |EKS-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png
+.. _EKS-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=eks-no-nat&templateURL=https://s3.amazonaws.com/aws-web-stacks/eks-no-nat.yaml
+.. _eks-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/eks-no-nat.yaml
+
+.. |EKS-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png
+.. _EKS-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=eks-with-nat&templateURL=https://s3.amazonaws.com/aws-web-stacks/eks-nat.yaml
+.. _eks-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/eks-nat.yaml
+
 .. |EC2-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png
 .. _EC2-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=ec2-app-no-nat&templateURL=https://s3.amazonaws.com/aws-web-stacks/ec2-no-nat.yaml
 .. _ec2-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/ec2-no-nat.yaml
@@ -76,8 +84,8 @@ In addition to this README, there is additional documentation at
 http://aws-web-stacks.readthedocs.io/
 
 
-Elastic Beanstalk, Elastic Container Service, EC2, or Dokku?
-------------------------------------------------------------
+Elastic Beanstalk, Elastic Container Service, EC2, Dokku, or EKS?
+-----------------------------------------------------------------
 
 **Elastic Beanstalk** is the recommended starting point. Elastic Beanstalk comes with a preconfigured
 autoscaling configuration, allows for automated, managed updates to the underlying servers, allows changing
@@ -86,7 +94,8 @@ tool for managing deployments. The Elastic Beanstalk environment uses the
 `multicontainer docker environment <http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html>`_
 to maximize flexibility in terms of the application(s) and container(s) deployed to the stack.
 
-**Elastic Container Service (ECS)** might be useful if complex container service definitions are required.
+**Elastic Container Service (ECS)** or **Elastic Kubernetes Service (EKS)** might be useful if complex container
+service definitions are required.
 
 If you prefer to configure application servers manually using Ansible, Salt, Chef, Puppet, or another such tool,
 choose the **EC2** option. Be aware that the instances created are managed by an autoscaling group, so you should
@@ -499,6 +508,8 @@ USE_EB=on
     Create an Elastic Beanstalk application
 USE_ECS=on
     Create an Elastic Container Service.
+USE_EKS=on
+    Create an AWS EKS (Kubernetes) cluster.
 USE_DOKKU=on
     Create an EC2 instance containing a Dokku server
 

stack/__init__.py

@@ -1,32 +1,47 @@
 import datetime
 import os
 
-from . import sftp  # noqa: F401
-from . import assets  # noqa: F401
-from . import cache  # noqa: F401
-from . import database  # noqa: F401
-from . import logs  # noqa: F401
-from . import vpc  # noqa: F401
-from . import template
+USE_DOKKU = os.environ.get("USE_DOKKU") == "on"
+USE_EB = os.environ.get("USE_EB") == "on"
+USE_EC2 = os.environ.get("USE_EC2") == "on"
+USE_ECS = os.environ.get("USE_ECS") == "on"
+USE_EKS = os.environ.get("USE_EKS") == "on"
+USE_GOVCLOUD = os.environ.get("USE_GOVCLOUD") == "on"
+USE_NAT_GATEWAY = os.environ.get("USE_NAT_GATEWAY") == "on"
 
-if os.environ.get('USE_GOVCLOUD') != 'on':
-    # make sure this isn't added to the template for GovCloud, as it's not
-    # supported in this region
-    from . import search  # noqa: F401
+if USE_EKS:
+    from . import vpc  # noqa: F401
+    from . import template
+    from . import repository  # noqa: F401
+    from . import eks  # noqa: F401
+else:
+    from . import sftp  # noqa: F401
+    from . import assets  # noqa: F401
+    from . import cache  # noqa: F401
+    from . import database  # noqa: F401
+    from . import logs  # noqa: F401
+    from . import vpc  # noqa: F401
+    from . import template
 
-if os.environ.get('USE_NAT_GATEWAY') == 'on':
-    from . import bastion  # noqa: F401
+    if not USE_GOVCLOUD:
+        # make sure this isn't added to the template for GovCloud, as it's not
+        # supported in this region
+        from . import search  # noqa: F401
 
-if os.environ.get('USE_ECS') == 'on':
-    from . import repository  # noqa: F401
-    from . import cluster  # noqa: F401
-elif os.environ.get('USE_EB') == 'on':
-    from . import repository  # noqa: F401
-    from . import eb  # noqa: F401
-elif os.environ.get('USE_DOKKU') == 'on':
-    from . import dokku  # noqa: F401
-else:  # USE_GOVCLOUD and USE_EC2 both provide EC2 instances
-    from . import instances  # noqa: F401
+    if USE_NAT_GATEWAY:
+        from . import bastion  # noqa: F401
+
+    if USE_ECS:
+        from . import repository  # noqa: F401
+        from . import ecs_cluster  # noqa: F401
+    elif USE_EB:
+        from . import repository  # noqa: F401
+        from . import eb  # noqa: F401
+    elif USE_DOKKU:
+        from . import dokku  # noqa: F401
+    elif USE_EC2 or USE_GOVCLOUD:
+        # USE_GOVCLOUD and USE_EC2 both provide EC2 instances
+        from . import instances  # noqa: F401
 
 # Must be last to tag all resources
 from . import tags  # noqa: F401

stack/assets.py

@@ -1,5 +1,3 @@
-import os
-
 from troposphere import (
     AWS_REGION,
     And,
@@ -36,6 +34,7 @@
     VersioningConfiguration
 )
 
+from . import USE_GOVCLOUD
 from .common import (
     arn_prefix,
     cmk_arn,
@@ -263,7 +262,7 @@
 )
 
 
-if os.environ.get('USE_GOVCLOUD') != 'on':
+if not USE_GOVCLOUD:
     assets_use_cloudfront = template.add_parameter(
         Parameter(
             "AssetsUseCloudFront",

stack/common.py

@@ -1,5 +1,6 @@
 from troposphere import AWS_REGION, Equals, If, Not, Ref
 
+from . import USE_DOKKU, USE_EB, USE_EC2, USE_ECS, USE_GOVCLOUD
 from .template import template
 from .utils import ParameterWithDefaults as Parameter
 
@@ -22,123 +23,17 @@
     label="Admin IP Address",
 ))
 
-container_instance_type = Ref(template.add_parameter(
-    Parameter(
-        "ContainerInstanceType",
-        Description="The application server instance type",
-        Type="String",
-        Default="t2.micro",
-        AllowedValues=[
-            't3.nano',
-            't3.micro',
-            't3.small',
-            't3.medium',
-            't3.large',
-            't3.xlarge',
-            't3.2xlarge',
-            't2.nano',
-            't2.micro',
-            't2.small',
-            't2.medium',
-            't2.large',
-            't2.xlarge',
-            't2.2xlarge',
-            'm5.large',
-            'm5.xlarge',
-            'm5.2xlarge',
-            'm5.4xlarge',
-            'm5.12xlarge',
-            'm5.24xlarge',
-            'm5d.large',
-            'm5d.xlarge',
-            'm5d.2xlarge',
-            'm5d.4xlarge',
-            'm5d.12xlarge',
-            'm5d.24xlarge',
-            'm4.large',
-            'm4.xlarge',
-            'm4.2xlarge',
-            'm4.4xlarge',
-            'm4.10xlarge',
-            'm4.16xlarge',
-            'm3.medium',
-            'm3.large',
-            'm3.xlarge',
-            'm3.2xlarge',
-            'c5.large',
-            'c5.xlarge',
-            'c5.2xlarge',
-            'c5.4xlarge',
-            'c5.9xlarge',
-            'c5.18xlarge',
-            'c5d.large',
-            'c5d.xlarge',
-            'c5d.2xlarge',
-            'c5d.4xlarge',
-            'c5d.9xlarge',
-            'c5d.18xlarge',
-            'c4.large',
-            'c4.xlarge',
-            'c4.2xlarge',
-            'c4.4xlarge',
-            'c4.8xlarge',
-            'c3.large',
-            'c3.xlarge',
-            'c3.2xlarge',
-            'c3.4xlarge',
-            'c3.8xlarge',
-            'p2.xlarge',
-            'p2.8xlarge',
-            'p2.16xlarge',
-            'g2.2xlarge',
-            'g2.8xlarge',
-            'x1.16large',
-            'x1.32xlarge',
-            'r5.large',
-            'r5.xlarge',
-            'r5.2xlarge',
-            'r5.4xlarge',
-            'r5.12xlarge',
-            'r5.24xlarge',
-            'r4.large',
-            'r4.xlarge',
-            'r4.2xlarge',
-            'r4.4xlarge',
-            'r4.8xlarge',
-            'r4.16xlarge',
-            'r3.large',
-            'r3.xlarge',
-            'r3.2xlarge',
-            'r3.4xlarge',
-            'r3.8xlarge',
-            'i3.large',
-            'i3.xlarge',
-            'i3.2xlarge',
-            'i3.4xlarge',
-            'i3.8xlarge',
-            'i3.16large',
-            'd2.xlarge',
-            'd2.2xlarge',
-            'd2.4xlarge',
-            'd2.8xlarge',
-            'f1.2xlarge',
-            'f1.16xlarge',
-        ]
-    ),
-    group="Application Server",
-    label="Instance Type",
-))
-
-secret_key = Ref(template.add_parameter(
-    Parameter(
-        "SecretKey",
-        Description="Application secret key for this stack (optional)",
-        Type="String",
-        NoEcho=True,
-    ),
-    group="Application Server",
-    label="Secret Key",
-))
+if any([USE_DOKKU, USE_EB, USE_ECS, USE_EC2, USE_GOVCLOUD]):
+    secret_key = Ref(template.add_parameter(
+        Parameter(
+            "SecretKey",
+            Description="Application secret key for this stack (optional)",
+            Type="String",
+            NoEcho=True,
+        ),
+        group="Application Server",
+        label="Secret Key",
+    ))
 
 use_aes256_encryption = Ref(template.add_parameter(
     Parameter(